← Back

Fig2dev Project

fig2dev_project

20 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Fig2dev
fig2dev
20 CVEs

CVEs (20)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-46400
2Fig2dev Project
Redhat
2Enterprise Linux
Fig2dev
Jan 8, 2026
Apr 23, 2025
N/A· v4
5.5 MEDIUM· v3
N/A· v2
In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input manipulation via read_arcobject function.
CVE-2025-46399
2Fig2dev Project
Redhat
2Enterprise Linux
Fig2dev
Jan 8, 2026
Apr 23, 2025
N/A· v4
5.5 MEDIUM· v3
N/A· v2
A flaw was found in fig2dev. This vulnerability allows availability via local input manipulation via genge_itp_spline function.
CVE-2025-46398
2Fig2dev Project
Redhat
2Enterprise Linux
Fig2dev
Jan 8, 2026
Apr 23, 2025
N/A· v4
5.5 MEDIUM· v3
N/A· v2
In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation via read_objects function.
CVE-2025-46397
2Fig2dev Project
Redhat
2Enterprise Linux
Fig2dev
Jan 19, 2026
Apr 23, 2025
N/A· v4
7.8 HIGH· v3
N/A· v2
A flaw was found in xfig. This vulnerability allows possible code execution via local input manipulation via bezier_spline function.
CVE-2025-31164
1Fig2dev Project
1Fig2dev
Nov 3, 2025
Mar 28, 2025
N/A· v4
6.6 MEDIUM· v3
N/A· v2
heap-buffer overflow in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via  create_line_with_spline.
CVE-2025-31163
1Fig2dev Project
1Fig2dev
Nov 3, 2025
Mar 28, 2025
N/A· v4
6.6 MEDIUM· v3
N/A· v2
Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via put_patternarc function.
CVE-2025-31162
1Fig2dev Project
1Fig2dev
Nov 3, 2025
Mar 28, 2025
N/A· v4
6.6 MEDIUM· v3
N/A· v2
Floating point exception in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via get_slope function.
CVE-2021-37530
2Debian
Fig2dev Project
2Debian Linux
Fig2dev
Nov 21, 2024
Jan 12, 2022
N/A· v4
5.5 MEDIUM· v3
4.3 MEDIUM· v2
A denial of service vulnerabiity exists in fig2dev through 3.28a due to a segfault in the open_stream function in readpics.c.
CVE-2021-37529
2Debian
Fig2dev Project
2Debian Linux
Fig2dev
Nov 21, 2024
Jan 12, 2022
N/A· v4
5.5 MEDIUM· v3
4.3 MEDIUM· v2
A double-free vulnerability exists in fig2dev through 3.28a is affected by: via the free_stream function in readpics.c, which could cause a denial of service (context-dependent).
CVE-2020-21684
1Fig2dev Project
1Fig2dev
Nov 21, 2024
Aug 10, 2021
N/A· v4
5.5 MEDIUM· v3
4.3 MEDIUM· v2
A global buffer overflow in the put_font in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format.
CVE-2020-21683
1Fig2dev Project
1Fig2dev
Nov 21, 2024
Aug 10, 2021
N/A· v4
5.5 MEDIUM· v3
4.3 MEDIUM· v2
A global buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format.
CVE-2020-21682
1Fig2dev Project
1Fig2dev
Nov 21, 2024
Aug 10, 2021
N/A· v4
5.5 MEDIUM· v3
4.3 MEDIUM· v2
A global buffer overflow in the set_fill component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format.
CVE-2020-21681
1Fig2dev Project
1Fig2dev
Nov 21, 2024
Aug 10, 2021
N/A· v4
5.5 MEDIUM· v3
4.3 MEDIUM· v2
A global buffer overflow in the set_color component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format.
CVE-2020-21680
1Fig2dev Project
1Fig2dev
Nov 21, 2024
Aug 10, 2021
N/A· v4
5.5 MEDIUM· v3
4.3 MEDIUM· v2
A stack-based buffer overflow in the put_arrow() component in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format.
CVE-2020-21678
1Fig2dev Project
1Fig2dev
Nov 21, 2024
Aug 10, 2021
N/A· v4
5.5 MEDIUM· v3
4.3 MEDIUM· v2
A global buffer overflow in the genmp_writefontmacro_latex component in genmp.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into mp format.
CVE-2020-21676
2Debian
Fig2dev Project
2Debian Linux
Fig2dev
Nov 21, 2024
Aug 10, 2021
N/A· v4
5.5 MEDIUM· v3
4.3 MEDIUM· v2
A stack-based buffer overflow in the genpstrx_text() component in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format.
CVE-2020-21675
2Debian
Fig2dev Project
2Debian Linux
Fig2dev
Nov 21, 2024
Aug 10, 2021
N/A· v4
5.5 MEDIUM· v3
4.3 MEDIUM· v2
A stack-based buffer overflow in the genptk_text component in genptk.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ptk format.
CVE-2021-3561
3Debian
FedoraprojectFig2dev Project
3Debian Linux
FedoraFig2dev
Nov 21, 2024
May 26, 2021
N/A· v4
7.1 HIGH· v3
5.8 MEDIUM· v2
An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause...Show more
An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as system availability.Show less
CVE-2019-19746
2Fedoraproject
Fig2dev Project
2Fedora
Fig2dev
Nov 21, 2024
Dec 12, 2019
N/A· v4
5.5 MEDIUM· v3
4.3 MEDIUM· v2
make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type.
CVE-2018-16140
2Canonical
Fig2dev Project
2Fig2dev
Ubuntu Linux
Nov 21, 2024
Aug 30, 2018
N/A· v4
7.8 HIGH· v3
6.8 MEDIUM· v2
A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3.2.7a allows an attacker to write prior to the beginning of the buffer via a crafted .fig file.